| Max CVSS | 7.5 | Min CVSS | 4.9 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-12674 | 5.0 |
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
|
03-02-2023 - 02:23 | 12-08-2020 - 16:15 | |
| CVE-2020-10967 | 5.0 |
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
|
13-10-2020 - 22:15 | 18-05-2020 - 15:15 | |
| CVE-2020-12674 | 5.0 |
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
|
25-09-2020 - 19:15 | 12-08-2020 - 16:15 | |
| CVE-2020-10967 | 5.0 |
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
|
25-09-2020 - 19:15 | 18-05-2020 - 15:15 | |
| CVE-2020-10957 | 5.0 |
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
|
28-05-2020 - 04:15 | 18-05-2020 - 14:15 | |
| CVE-2019-11500 | 7.5 |
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
|
06-09-2019 - 15:15 | 29-08-2019 - 14:15 | |
| CVE-2019-3814 | 4.9 |
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
|
14-06-2019 - 03:29 | 27-03-2019 - 13:29 |